Re: [webauthn] clientDataJSON sent to authenticator? (#1442)

> confused why under 5.2. Authenticator Responses it says
`This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().`

This could definitely be made clearer.

> why (for registration) `pubKeyCred.response.clientDataJSON` gets its value from `credentialCreationData.clientDataJSONResult` instead of `clientDataJSON`
Because, for brevity's sake, it should be kept in bytes until needing to be unpacked by the RP

The references that you list (one of which I am an author of and will update) are somewhat simplifying what occurs I think: the authenticator does indeed only request the `clientDataHash` rather than a byte-serialized version of the `ClientDataJSON`. 

GitHub Notification of comment by nicksteele
Please view or discuss this issue at using your GitHub account

Received on Thursday, 18 June 2020 00:37:47 UTC